Peter Saint-Andre wrote:
[...]
> Oops, there were some typos and missing words. That's what I get for
> replying to email while eating breakfast at 6 AM. Corrected text:
> ###
> Note: In some application protocols, the procedure described in
> this section can be performed by an application server acting as a
> TLS client when verifying a server-to-server connection, not only by

s/TLS client/TLS server/

> an application client when verifying a client-to-server connection
> (e.g., this is true of XMPP). In this case, the application server
> verifies the identity of the peer server that is attempting to
> connect and therefore the reference identifier is in essence
> supplied by the peer server (e.g., as triggered by a request to send
> a message from an entity associated with the peer server to an

I think it is not clear who is verifying (probably because both parties
are for xmpp-s2s). What about:

In some application protocols, the procedure described in this section
can also be performed by an application server when verifying an incoming
[server-to-server?] connection from a peer, not only when verifying an
outgoing connection (e.g., this is true for XMPP).
In this case, the application server, acting as a TLS server, verifies
the identity of the TLS client and the reference identifier is in
essence supplied by the peer [...]
[where the peer server is the TLS client]

> entity associated with the application service). Other than the
> source of the reference identifier and the inverted roles of the TLS
> client and TLS server, the verification process remains unchanged.

+1
_______________________________________________
certid mailing list
https://www.ietf.org/mailman/listinfo/certid